SQL Injection

Another common injection due to the lack of proper output encoding is SQL
Injection, mostly because of an old bad practice: string concatenation.

In short: whenever a variable holding a value that may include arbitrary
characters, such as ones with special meaning to the database management
system, is simply added to a (partial) SQL query, you're vulnerable to SQL
Injection.
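
The difference between concatenating a value into the query text and binding it to a placeholder, as an added example that is not part of the original page. It assumes Python's standard `sqlite3` module; the `customers` table, the function names and the sample values are hypothetical and constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO customers (name) VALUES (?)",
                   [("Alice",), ("O'Brien",), ("Carol",)])
    return db

def find_concatenated(db, name):
    """Vulnerable: the value becomes part of the SQL text itself."""
    query = "SELECT name FROM customers WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(query)]

def find_parameterized(db, name):
    """Hardened: the value is bound to a placeholder, never parsed as SQL."""
    query = "SELECT name FROM customers WHERE name = ?"
    return [row[0] for row in db.execute(query, (name,))]

def compare(db, name):
    """Run both variants on the same input and report what each one does."""
    try:
        concatenated = find_concatenated(db, name)
    except sqlite3.Error as exc:
        # A quote in the value can leave the concatenated query unparseable.
        concatenated = "error: " + type(exc).__name__
    return concatenated, find_parameterized(db, name)

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a plain name, a legitimate name containing a quote,
    # and a value whose quote closes the string literal early.
    for value in ["Alice", "O'Brien", "x' OR '1'='1"]:
        print(repr(value), "->", compare(db, value))
```

With the concatenated query, a legitimate surname containing a quote breaks the statement and the third value changes the `WHERE` clause so that every row matches; the parameterized query treats both as plain data.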